package com.example.demo.config;

import com.example.demo.auth.MyUserDetailService;
import com.example.demo.dto.ResultDTOBuilder;
import com.example.demo.utils.ResponseBackUtil;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

import java.util.Map;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    //认证
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
//        System.out.println("经过认证");
//        auth.userDetailsService(myUserDetailService).passwordEncoder(passwordEncoder());
    }
    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().mvcMatchers("/**");
    }

    //授权
    @Override
    protected void configure(HttpSecurity http) throws Exception {
      /*  http.exceptionHandling().authenticationEntryPoint((httpServletRequest, httpServletResponse, e) -> { //指定用户未登录时的返回值为JSON 替换原有的403页面
            ResponseBackUtil.back(httpServletResponse,ResultDTOBuilder.selfSetting("fail","403","您没有权限进行本操作,请先登录!",null));
        });
        http.csrf().disable();
        http.formLogin()
                .passwordParameter("password").usernameParameter("username")
                .loginProcessingUrl("/dologin")
                .successHandler(mySuccessHandler)
                .failureHandler(myFaitureHandler);
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)//前后端分离,采用JWT 不需要SESSION
                .and()
                .addFilter(new JWTAuthFilter(authenticationManager()));//指定JWT过滤器
        http.authorizeRequests().antMatchers("/css").permitAll()
                .antMatchers("/js").permitAll()
                .antMatchers("/dologin").permitAll()
                .antMatchers("/testException").permitAll()
                .antMatchers("/user").hasRole("user")
                .antMatchers("/admin").hasRole("admin")
                .antMatchers("/hr").hasRole("hr")
                .anyRequest().authenticated();*/
        //避免Security整合JWT的复杂,弃用security的拦截,放行全部页面 自行创建拦截器控制
      http.csrf().disable().authorizeRequests().anyRequest().permitAll();
      http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);//前后端分离,采用JWT 不需要SESSION
      http.exceptionHandling().authenticationEntryPoint((request,response,e)->{//指定用户未登录时的返回值为JSON 替换原有的403页面
          ResponseBackUtil.back(response, ResultDTOBuilder.fail("[Security拦截]您没有访问该页面的权限"));
        });

    }

    @Bean
    public  PasswordEncoder passwordEncoder(){
        return new BCryptPasswordEncoder();
    }
}
